gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22057 Commits
842 Branches
288 MiB
 
 
 
 
 
 
Tree: b88cfe6d41
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b88cfe6d41'
${ noResults }
synapse/docker/Dockerfile

179 lines
6.2 KiB
Raw Blame History 

  1. # syntax=docker/dockerfile:1

  2. # Dockerfile to build the matrixdotorg/synapse docker images.

  3. #

  4. # Note that it uses features which are only available in BuildKit - see

  5. # https://docs.docker.com/go/buildkit/ for more information.

  6. #

  7. # To build the image, run `docker build` command from the root of the

  8. # synapse repository:

  9. #

  10. #    DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile .

  11. #

  12. # There is an optional PYTHON_VERSION build argument which sets the

  13. # version of python to build against: for example:

  14. #

  15. #    DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.10 .

  16. #

  17. 

  18. # Irritatingly, there is no blessed guide on how to distribute an application with its

  19. # poetry-managed environment in a docker image. We have opted for

  20. # `poetry export | pip install -r /dev/stdin`, but beware: we have experienced bugs in

  21. # in `poetry export` in the past.

  22. 

  23. ARG PYTHON_VERSION=3.9

  24. 

  25. ###

  26. ### Stage 0: generate requirements.txt

  27. ###

  28. # We hardcode the use of Debian bullseye here because this could change upstream

  29. # and other Dockerfiles used for testing are expecting bullseye.

  30. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as requirements

  31. 

  32. # RUN --mount is specific to buildkit and is documented at

  33. # https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#build-mounts-run---mount.

  34. # Here we use it to set up a cache for apt (and below for pip), to improve

  35. # rebuild speeds on slow connections.

  36. RUN \

  37.    --mount=type=cache,target=/var/cache/apt,sharing=locked \

  38.    --mount=type=cache,target=/var/lib/apt,sharing=locked \

  39.     apt-get update -qq && apt-get install -yqq \

  40.       build-essential git libffi-dev libssl-dev \

  41.     && rm -rf /var/lib/apt/lists/*

  42. 

  43. # We install poetry in its own build stage to avoid its dependencies conflicting with

  44. # synapse's dependencies.

  45. RUN --mount=type=cache,target=/root/.cache/pip \

  46.   pip install --user "poetry==1.3.2"

  47. 

  48. WORKDIR /synapse

  49. 

  50. # Copy just what we need to run `poetry export`...

  51. COPY pyproject.toml poetry.lock /synapse/

  52. 

  53. 

  54. # If specified, we won't verify the hashes of dependencies.

  55. # This is only needed if the hashes of dependencies cannot be checked for some

  56. # reason, such as when a git repository is used directly as a dependency.

  57. ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION

  58. 

  59. # If specified, we won't use the Poetry lockfile.

  60. # Instead, we'll just install what a regular `pip install` would from PyPI.

  61. ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

  62. 

  63. # Export the dependencies, but only if we're actually going to use the Poetry lockfile.

  64. # Otherwise, just create an empty requirements file so that the Dockerfile can

  65. # proceed.

  66. RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \

  67.     /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \

  68.   else \

  69.     touch /synapse/requirements.txt; \

  70.   fi

  71. 

  72. ###

  73. ### Stage 1: builder

  74. ###

  75. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as builder

  76. 

  77. # install the OS build deps

  78. RUN \

  79.    --mount=type=cache,target=/var/cache/apt,sharing=locked \

  80.    --mount=type=cache,target=/var/lib/apt,sharing=locked \

  81.  apt-get update -qq && apt-get install -yqq \

  82.     build-essential \

  83.     libffi-dev \

  84.     libjpeg-dev \

  85.     libpq-dev \

  86.     libssl-dev \

  87.     libwebp-dev \

  88.     libxml++2.6-dev \

  89.     libxslt1-dev \

  90.     openssl \

  91.     zlib1g-dev \

  92.     git \

  93.     curl \

  94.     libicu-dev \

  95.     pkg-config \

  96.     && rm -rf /var/lib/apt/lists/*

  97. 

  98. 

  99. # Install rust and ensure its in the PATH

  100. ENV RUSTUP_HOME=/rust

  101. ENV CARGO_HOME=/cargo

  102. ENV PATH=/cargo/bin:/rust/bin:$PATH

  103. RUN mkdir /rust /cargo

  104. 

  105. RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path --default-toolchain stable --profile minimal

  106. 

  107. 

  108. # arm64 builds consume a lot of memory if `CARGO_NET_GIT_FETCH_WITH_CLI` is not

  109. # set to true, so we expose it as a build-arg.

  110. ARG CARGO_NET_GIT_FETCH_WITH_CLI=false

  111. ENV CARGO_NET_GIT_FETCH_WITH_CLI=$CARGO_NET_GIT_FETCH_WITH_CLI

  112. 

  113. # To speed up rebuilds, install all of the dependencies before we copy over

  114. # the whole synapse project, so that this layer in the Docker cache can be

  115. # used while you develop on the source

  116. #

  117. # This is aiming at installing the `[tool.poetry.depdendencies]` from pyproject.toml.

  118. COPY --from=requirements /synapse/requirements.txt /synapse/

  119. RUN --mount=type=cache,target=/root/.cache/pip \

  120.   pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt

  121. 

  122. # Copy over the rest of the synapse source code.

  123. COPY synapse /synapse/synapse/

  124. COPY rust /synapse/rust/

  125. # ... and what we need to `pip install`.

  126. COPY pyproject.toml README.rst build_rust.py Cargo.toml Cargo.lock /synapse/

  127. 

  128. # Repeat of earlier build argument declaration, as this is a new build stage.

  129. ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

  130. 

  131. # Install the synapse package itself.

  132. # If we have populated requirements.txt, we don't install any dependencies

  133. # as we should already have those from the previous `pip install` step.

  134. RUN --mount=type=cache,target=/synapse/target,sharing=locked \

  135.   --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \

  136.   if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \

  137.     pip install --prefix="/install" --no-deps --no-warn-script-location /synapse[all]; \

  138.   else \

  139.     pip install --prefix="/install" --no-warn-script-location /synapse[all]; \

  140.   fi

  141. 

  142. ###

  143. ### Stage 2: runtime

  144. ###

  145. 

  146. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye

  147. 

  148. LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse'

  149. LABEL org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md'

  150. LABEL org.opencontainers.image.source='https://github.com/matrix-org/synapse.git'

  151. LABEL org.opencontainers.image.licenses='Apache-2.0'

  152. 

  153. RUN \

  154.    --mount=type=cache,target=/var/cache/apt,sharing=locked \

  155.    --mount=type=cache,target=/var/lib/apt,sharing=locked \

  156.   apt-get update -qq && apt-get install -yqq \

  157.     curl \

  158.     gosu \

  159.     libjpeg62-turbo \

  160.     libpq5 \

  161.     libwebp6 \

  162.     xmlsec1 \

  163.     libjemalloc2 \

  164.     libicu67 \

  165.     libssl-dev \

  166.     openssl \

  167.     && rm -rf /var/lib/apt/lists/*

  168. 

  169. COPY --from=builder /install /usr/local

  170. COPY ./docker/start.py /start.py

  171. COPY ./docker/conf /conf

  172. 

  173. EXPOSE 8008/tcp 8009/tcp 8448/tcp

  174. 

  175. ENTRYPOINT ["/start.py"]

  176. 

  177. HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \

  178.     CMD curl -fSs http://localhost:8008/health || exit 1